How to Enable Kerberos in Hadoop?

The UDA channel is for Teradata’s Unified Data Architecture including the Analytical Ecosystem and other UDA influences. This channel provides information specific to the integration and co-existence of multiple systems, in particular when a mix of Aster, Teradata, and Hadoop are present. It is also meant to support information around the UDA enabling technologies so products like Viewpoint, Data Mover, Connectors, QueryGrid, etc.
Teradata Employee

How to Enable Kerberos in Hadoop?

1. Run hcli system setup_kerberos, which provides values you must enter when running the wizard.
2. Run the Enable Kerberos wizard.

3.The output of the hcli command includes the URL for the Kerberos wizard.



This command adds nodes, implements failover, controls Hadoop services, or reports component version in the cluster.

a) hcli [--option] system [addNode -n FQDN --type=type | failover | start | stop | restart [--stale] | version [option] ]

hcli system addNode -n FQDN --type=DATA | EDGE | MASTER [-h | --help]
Add a new node to the configuration.
• -n FQDN Name of the node and Fully Qualified Domain Name added to the
• --type=type Type of the node, data or edge, or master to be added to the configuration.
• -h | --help Show help for this command.
Exit code 0 if adding the node was successful; exit code 1 if the node could not be added.
Example: hcli system addNode -n hostname --type=DATA

hcli system setup_kerberos [OPTIONS]
•Run this command before using the Enable Kerberos wizard.
•The output of the command provides values you need to enter when using the wizard.
•Configure local MIT KDC and prepare the Hadoop cluster for Kerberos enablement via this command and the Enable Kerberos wizard.
•Executing this command will install the krb5-server package on Master Node 1 and install the krb5-client package on all nodes in the

  Hadoop cluster.
•During the execution of this command the user will be prompted to set the password for the
•KDC database master key and the Kerberos admin principal kadmin/admin@<REALM>.
•A principal and headless keytab will be created for the ‘tdatuser’ service account.
•The local YARN usercache directories will be cleared.
•During the execution of this command the user will be prompted to restart the cluster after making several configuration changes to various Hadoop services.
•This cluster restart is not mandatory, but if it is skipped, services will have stale configurations until they are restarted.